Petya Bitcoin Ransomware Targets Enterprises

A new type of Bitcoin ransomware is making the rounds, albeit this version is doing something different entirely. Or to be more precise, Petya Bitcoin ransomware will block access to the entire hard drive, rather than target specific files or directories. This type of malware seems to be mainly infecting computers in the Benelux, although other parts of the world are not safe from harm either.

Also read: Ledger Blue Gets Nod of Approval From French Minister of Economy

Petya Bitcoin Ransomware Is Here

TheMerkle_Petya Bitcoin Ransomware

One would come to expect it becomes much harder to distribute Bitcoin ransomware through traditional means, as most consumers and enterprises should be well aware of emails with suspicious attachments by now. But that does not seem to be the case, as this malware campaign is directly aimed at companies and job centers.

Rather than sending out an email with a dodgy Excel file, Petya Bitcoin ransomware is spreading through a job application email. In the email text is a dropbox link, which will download an executable file once a user clicks on it. Although no one should run executable files they do not know or trust, those who do will be greeted with a blue screen of death.

Rebooting the computer will happen automatically, which is where Petya wills tart to do its nasty work. By taking control of the Master Boot Record, the Bitcoin ransomware is showing messages of how the filesystem is being checked and repaired. However, there is no system check taking place, but instead, files are made inaccessible.

This is where Petya differentiates itself from other types of Bitcoin ransomware, as the malware will block file access although it remains unknown whether or not anything is encrypted at all. Similar to other types of Bitcoin ransomware, owners of infected computers will have to download a Tor browser and pay for the decryption key with the digital currency.

The website where the payment has to be made also displays a timer counting down, and the message of how the price for decryption will double unless the Bitcoin payment is made on time. Keeping in mind how users have close to seven days to make the payment, there is plenty of time to obtain the necessary amount of Bitcoin.

As is always the case when it comes to computer security, backing up existing files is of the utmost importance. HR departments need to be made aware of this malware attack, although they should know better than to click random links in an email message. Moreover, there is no need to pay the ransomware fee when taking the necessary precautions.

Source: G Data

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

  • hcg2007

    Why must you call it “bitcoin” ransomware? I’ve never heard of “dollar” blackmail.

    • Bitcoins and Gravy

      Simple: The author of this article is a juvenile delinquent.

      • Expanse <3

        Why is he a juvenile delinquent?

  • Expanse <3

    I think this article have a lacks of information. I can’t get what he is trying to say.